159 matches found
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
In this article 1. Attack chain overview 1. Discovery and initial indicators 2. Dependency injection: the poisoned package.json 3. Typosquat analysis: easy-day-js 4. Staged delivery pattern 5. Obfuscation and payload analysis 6. TLS bypass to self-deletion 7. Timeline analysis 2. Who is Sapphire...
Malicious code in @mastra/loggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5225485064c54423eac85ed05753c97466d46c15d9b59dbe48193b115f538b3b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6072 Malicious code in @mastra/loggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5225485064c54423eac85ed05753c97466d46c15d9b59dbe48193b115f538b3b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/redis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9691125da52a04efba450b4c5dcbebe08a604a54f2e9420d95ce17f782f2728 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6074 Malicious code in @mastra/redis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9691125da52a04efba450b4c5dcbebe08a604a54f2e9420d95ce17f782f2728 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6055 Malicious code in @mastra/node-speaker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d1fc45cd66b93c4e1a83c1743f1ac9ee3ebea854208b1a9cae83ee957ebfd83 @mastra/node-speaker is a PCM audio output library wrapping native mpg123 bindings. Its package.json declares 'easy-day-js' ^1.11.21 as a runtime...
Malicious code in @mastra/voice-playai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 095ae6a310d12472e2f23394b600c1465acb4921d1ae78a38893ff567518437f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/github-signals (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e263abbd9ed9975f3f8aaecfd1a780616bc3aef00238ed9ba9075b5bf4e38f37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/mem0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0103dbf66edb7ceb716e244ea15e4a68e439052d93646cb1107c780e79620541 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6053 Malicious code in @mastra/mem0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0103dbf66edb7ceb716e244ea15e4a68e439052d93646cb1107c780e79620541 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/node-audio (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e67f59921eaf19b7b608ed824610779a1929306854008a2a1633edf67bca3b7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb2d86bcc71a172b3b3abf321bea01e031f13fcbd7cf94c490a5735f02f6dc8f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6056 Malicious code in @mastra/react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb2d86bcc71a172b3b3abf321bea01e031f13fcbd7cf94c490a5735f02f6dc8f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
145 Mastra npm Packages Compromised via Hijacked Contributor Account
As many as 145 npm packages associated with the Mastra namespace "@mastra/", a popular open-source JavaScript and TypeScript framework for building artificial intelligence AI applications, have been compromised as part of a software supply chain attack codenamed easy-day-js , per findings from...
Malicious code in @mastra/arize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a9417097d18abea911925be99fa31e70127eac4dcbcb16fb9eb5f20155a6650 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5998 Malicious code in @mastra/arize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a9417097d18abea911925be99fa31e70127eac4dcbcb16fb9eb5f20155a6650 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/voice-elevenlabs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f99d987467406ef04c81d4437451d8ba5f38649e85437a361470bb9fd94fbe53 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6045 Malicious code in @mastra/voice-elevenlabs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f99d987467406ef04c81d4437451d8ba5f38649e85437a361470bb9fd94fbe53 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/gcs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 722de440c55cc50c4576818745c16ee5105f7cf4c61295943a07826b22be9387 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6023 Malicious code in @mastra/gcs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 722de440c55cc50c4576818745c16ee5105f7cf4c61295943a07826b22be9387 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...